Data Sheet
SRX4600 SERVICES GATEWAY
Product Overview
The SRX4600 Services Gateway
is a high-performance, next-
generation firewall and hardware-
accelerated security gateway that
supports the changing needs of
cloud-enabled enterprise and
service provider networks. Whether
rolling out new services in an
enterprise data center or campus,
connecting to the cloud, complying
with industry standards, deploying
distributed security gateways, or
offering high-scale multitenant
security services, the SRX4600
helps organizations realize their
business objectives while providing
scalability, high availability, ease of
management, secure connectivity,
and advanced threat mitigation
capabilities.
Product Description
The Juniper Networks® SRX4600 Services Gateway protects mission-critical data
center and campus networks for enterprises, mobile service providers, and cloud
service providers. Designed for high-performance security services architectures,
the SRX4600 protects key corporate IT assets as a next-generation firewall, acts as
an enforcement point for cloud-based security solutions, and provides application
visibility and control to improve the user and application experience.
Integrating networking and security in a single platform, the SRX4600 features
multiple high-speed interfaces, intrusion prevention, advanced threat protection,
and authentication, along with high-performance IPsec VPN and Internet gateway
capabilities. It also offers high scalability, high availability, robust protection,
application visibility, user identification, and deep content inspection to provide
unparalleled control over the security infrastructure.
The SRX4600 also acts as a central enforcement point in the Juniper Software-
Defined Secure Network (SDSN) framework, leveraging strong automation and
actionable intelligence to protect users in a multivendor network environment.
The SRX4600 is powered by Juniper Networks Junos® operating system, the
industry-leading OS that keeps the world’s largest mission-critical enterprise and
service provider networks secure.
Architecture and Key Components
The SRX4600 hardware and software architecture provides cost-effective security
in a small 1 U form factor. Purpose-built to protect network environments and
provide Internet Mix (IMIX) firewall throughput up of 75 Gbps, the SRX4600
incorporates multiple security services and networking functions on top of Junos
OS. Best-in-class security and advanced threat mitigation capabilities on the
SRX4600 are offered as 20 Gbps of next-generation firewall, 20 Gbps of intrusion
prevention system (IPS), and up to 16 Gbps of IPsec VPN in data center, enterprise
campus, and regional headquarter deployments with IMIX traffic patterns.
Table 1: SRX4600 Statistics1
Performance SRX4600
Firewall throughput 95 Gbps
Firewall throughput—IMIX 75 Gbps
Firewall throughput with application security 80 Gbps
IPsec VPN throughput—IMIX/1400 B 16/38 Gbps
Intrusion prevention system (IPS) 60 Gbps
NGFW2 throughput 20 Gbps
Connections per second 500,000
Maximum session 60 million
The SRX4600 recognizes more than 3500 applications and nested applications in
plain text or SSL-encrypted transactions. The firewall also integrates with Microsoft
Active Directory and combines user information with application data to provide
network-wide application and user visibility and control.
1
Performance, capacity, and features listed are based on systems running Junos OS 17.4R1-S1 and are measured under ideal testing conditions. Actual
results may vary based on Junos OS releases and by deployments.
2
Next-generation firewall (NGFW) is a combination of advanced features such as application security, IPS, and URLF in addition to the foundational
services such as logging and stateful firewall.
1
SRX4600 Services Gateway
Features and Benefits
Table 2: SRX4600 Features and Benefits
Business Requirement
High performance
High-quality end-user experience
Advanced threat protection
Professional-grade networking services
Highly secure
Highly reliable
Easy to manage and scale
Low TCO
Software Specifications
Firewall Services
• Stateful and stateless firewall
• Zone-based firewall
• Screens and distributed denial of service (DDoS) protection
• Protection from protocol and traffic anomalies
• Unified Access Control (UAC)
Network Address Translation (NAT)
• Source NAT with Port Address Translation (PAT)
• Bidirectional 1:1 static NAT
• Destination NAT with PAT
• Persistent NAT
• IPv6 address translation
• Port Block Allocation method for CGNAT
• Deterministic NAT
VPN Features
• Auto Discovery VPN (ADVPN)
• Suite-B Crypto
• VPN-Monitor
Feature/Solution
Up to 95 Gbps of firewall
throughput (up to 75 Gbps of
IMIX firewall throughput)
Application visibility and control
Intrusion prevention system
(IPS), antivirus, antispam, threat
intelligence feeds, Juniper Sky™
Advanced Threat Prevention,
Juniper ATP Appliance
Routing, secure wire
IPsec VPN
Chassis cluster, redundant power
supplies
On-box GUI, Juniper Networks
Junos Space® Security Director
Junos OS
SRX4600 Advantages
• Best suited for enterprise campus and data center edge deployments
• Ideal for secure router/VPN concentrator deployments at the head office
• Addresses diverse needs and scale for service provider deployments
• Detects 3500+ L3-L7 applications, including Web 2.0
• Controls and prioritizes traffic based on application and use role
• Inspects and detects applications inside SSL-encrypted traffic
• Provides real-time updates to IPS signatures and protects against exploits
• Implements industry-leading antivirus and URL filtering
• Delivers open threat intelligence platform that integrates with third-party feeds
• Protects against zero-day attacks
• Stops rogue and compromised devices to disseminate malware
• Supports carrier-class advanced routing and quality of service (QoS)
• Provides high-performance IPsec VPN with dedicated crypto engine
• Offers diverse VPN options for various network designs, including remote access and
dynamic site-to-site communications
• Simplifies large VPN deployments with auto VPN
• Includes hardware-based crypto acceleration
• Provides stateful configuration and session synchronization
• Supports active/active and active/backup deployment scenarios
• Offers highly available hardware with dual power supply unit (PSU)
• Enables centralized management for autoprovisioning, firewall policy management,
Network Address Translation (NAT), and IPsec VPN deployments
• Includes simple, easy-to-use on-box GUI for local management
• Integrates routing and security in a single device
• Reduces OpEx with Junos OS automation capabilities
• Remote Access VPN with Network Control Protocol
(NCP) Client
• Public key infrastructure (PKI): SCEP, CMPv2, OCSP
• Tunnels: Generic routing encapsulation (GRE), IP-IP, IPsec
• Site-site IPsec VPN, auto VPN, group VPN
• IPsec crypto algorithms: Data Encryption Standard (DES),
triple DES (3DES), Advanced Encryption Standard (AES-
256)
-- ­ IPsec authentication algorithms: MD5, SHA-1, SHA-128,
SHA-256
-- ­ Pre-shared key and public key infrastructure (PKI)
(X.509)
-- ­ Perfect forward secrecy, anti-reply
-- ­ IPv4 and IPv6 IPsec VPN
-- ­ Multiproxy ID for site-site VPN
-- ­ Internet Key Exchange (IKEv1, IKEv2), NAT-T
-- ­ Virtual router and quality-of-service (QoS) aware
• Standard-based dead peer detection (DPD) support
2
SRX4600 Services Gateway

High Availability Features • Multicast: Internet Group Management Protocol (IGMP)

• Virtual Router Redundancy Protocol (VRRP)—IPv4 and IPv6 v1/v2; Protocol Independent Multicast (PIM) sparse mode
(SM)/dense mode (DM)/source-specific multicast (SSM);
• Stateful high availability:
Session Description Protocol (SDP); Distance Vector
-- ­ HA clustering Multicast Routing Protocol (DVMRP); Multicast Source
• Active/passive Discovery Protocol (MSDP); reverse path forwarding (RPF)
-- ­ Encapsulation: VLAN, Point-to-Point Protocol over
• Active/active
Ethernet (PPPoE)
• Dual (redundant) MACsec-enabled HA control ports -- ­ Virtual routers
(10GbE)
-- ­ Policy-based routing, source-based routing
• Dual (redundant) MACsec-enabled HA fabric ports -- ­ Equal-cost multipath (ECMP)
(10GbE)
QoS Features
-- ­ Configuration synchronization
• Support for 802.1p, DiffServ code point (DSCP)
-- ­ Firewall session synchronization
• Classification based on interface, bundles, or multifield
-- ­ Device/link detection filters
-- ­ Unified in-service software upgrade (unified ISSU) • Marking, policing, and shaping
• IP monitoring with route and interface failover • Classification and scheduling
Application Security Services • Weighted random early detection (WRED)
• Application visibility and control • Guaranteed and maximum bandwidth
• Application-based firewall Network Services
• Application QoS • Dynamic Host Configuration Protocol (DHCP) client/
• Advanced/application policy-based routing feature (APBR) server/relay
• User-based firewall • Domain Name System (DNS) proxy, dynamic DNS (DDNS)
• IPS • Juniper real-time performance monitoring (RPM) and IP
monitoring
• Antivirus
• Juniper flow monitoring (J-Flow)
• Antispam
• Category/reputation-based URL filtering Management, Automation, Logging, and Reporting
• SSH, Telnet, SNMP
• SSL proxy/inspection
• Smart image download
Threat Defense and Intelligence Services
• Juniper CLI and Web UI
• Threat intelligence/feeds
• Junos Space Security Director
• Protection from botnets (command and control)
• Python
• Adaptive enforcement based on GeoIP
• Junos OS events, commit, and OP scripts
• Juniper Sky ATP, a cloud-based SaaS offering, to detect and
block zero-day attacks • Application and bandwidth usage reporting
• Juniper ATP Appliance, a distributed, on-premises • Debug and troubleshooting tools
advanced threat prevention solution to detect and block
zero-day attacks
Routing Protocols
• IPv4, IPv6, static routes, RIP v1/v2
• OSPF/OSPF v3
• BGP with route reflector
SRX4600
• IS-IS

3
SRX4600 Services Gateway
Hardware Specifications
Table 3: SRX4600 Hardware Specifications
Specification
Total onboard I/O ports
Out-of-Band (OOB) management
ports
Dedicated high availability (HA)
ports
Console
USB 2.0 ports (Type A)
Memory and Storage
System memory (RAM)
Secondary storage (SSD)
Dimensions and Power
Form factor
Size (WxHxD)
Weight (system and 2 power entry
modules)
Redundant PSU
Power supply
Average power consumption
Average heat dissipation
Maximum current consumption
Precision Time Protocol Timing Ports
Time of day - RS-232 (EIA-23)
BITS clock
10-MHz timing connector (GNSS)
Pulse per second connection
(1-PPS)
SRX4600 Specification SRX4600
8 10GbE (SFP+) Environmental and Regulatory Compliance
4x40GbE/100GbE (QSFP28) Acoustic noise level 69 dBA at normal fan speed,
RJ-45 (1 Gbps) 87 dBA at full fan speed
Airflow/cooling Front to back
2x10GbE (SFP+) Control
Operating temperature 32° to 104° F (0° to 40° C)
2x10GbE (SFP+) Data
Operating humidity 5% to 90% noncondensing
RJ-45 (RS232)
Meantime between failures (MTBF) 112,000 hours
1
FCC classification Class A
RoHS compliance RoHS 2
256 GB
NEBS compliance Designed for NEBS Level 3
2x 1 TB M.2 SSD
Formatted as 960 GB Performance
Routing/firewall (64 B packet size) 17 Gbps
throughput Gbps3
1U
Routing/firewall (IMIX packet size) 75 Gbps
17.4 x 1.7 x 26.5 in (44.19 x 4.32 x 67.31 throughput Gbps3
cm)
Routing/firewall (1518 B packet 95 Gbps
With AC PEMs: 17.4 x 1.7 x 27.29 in
size) throughput Gbps3
(44.19 x 4.32 x 69.32 cm)
With DC PEMs: 17.4 x 1.7 x 29.20 in IPsec VPN (IMIX packet size) Gbps3 16 Gbps
(44.19 x 4.32 x 74.17 cm)
IPsec VPN (1400 B packet size) 38 Gbps
With AC PEMs: 38 lb (17.24 kg) Gbps3
Shipping weight: 45.47 lb (20.62 kg)
Application security performance 80 Gbps
With DC PEMs: 40 lb (18.14 kg) in Gbps3
Shipping weight: 47.47 lb (21.53 kg)
Recommended IPS in Gbps4 20 Gbps
1+1
Next-generation firewall in Gbps 4
20 Gbps
2x 1600 W AC-DC PSU redundant
Connections per second (CPS) 500,000
2x 1100 W DC-DC PSU redundant
Maximum security policies 80,000
650 W
Maximum concurrent sessions 60 million
2218 BTU/hour
(IPv4 or IPv6)
12 A (for 110 V AC power)
Route table size (RIB/FIB) (IPv4 4 million/2 million
6 A (for 220 V AC power) or IPv6)
24 A (for -48 V DC power)
3
Throughput numbers based on UDP packets and RFC2544 test methodology
4
Throughput numbers based on HTTP traffic with 44 KB transaction size and up to the numbers captured here
1xRJ-45
Juniper Networks Services and Support
1xRJ-48
Juniper Networks is the leader in performance-enabling services
1xInput (COAX)
1xOutput (COAX) that are designed to accelerate, extend, and optimize your
1xInput (COAX) high-performance network. Our services allow you to maximize
1xOutput (COAX) operational efficiency while reducing costs and minimizing
risk, achieving a faster time to value for your network. Juniper
Networks ensures operational excellence by optimizing the
network to maintain required levels of performance, reliability,
and availability. For services information specific to SRX Series
Services Gateways, please read the Firewall Conversion Service
or the SRX Series QuickStart Service datasheets. For more
details, please visit www.juniper.net/us/en/products-services.
4
SRX4600 Services Gateway

Ordering Information Advanced Security Services Subscription Licenses

To order Juniper Networks SRX Series Services Gateways, and Product Number Description
to access software licensing information, please visit the How to SRX4600-W-EWF-1 Enhanced Web Filtering, 1 year, SRX4600
Buy page. SRX4600-W-EWF-3 Enhanced Web Filtering, 3 year, SRX4600
SRX4600-W-EWF-5 Enhanced Web Filtering, 5 year, SRX4600
Description SRX4600
SRX4600-CS-BUN-1 NGFW Security Bundle, 1 year, SRX4600
Hardware Included
SRX4600-CS-BUN-3 NGFW Security Bundle, 3 year, SRX4600
Management (CLI, J-Web, SNMP, Telnet, SSH) Included
SRX4600-CS-BUN-5 NGFW Security Bundle, 5 year, SRX4600
L2 transparent, secure wire Included
SRX4600-IPS-1 Intrusion Prevention Signature Updates, 1 year,
Routing (RIP, OSPF, BGP, virtual router) Included SRX4600
Multicast (IGMP, PIM, SSDP, DMVRP) Included SRX4600-IPS-3 Intrusion Prevention Signature Updates, 3 year,
Packet mode Included SRX4600

Overlay (GRE, IP-IP) Included SRX4600-IPS-5 Intrusion Prevention Signature Updates, 5 year,
SRX4600
Network services (J-Flow, DHCP, QoS, BFD) Included
SRX4600-ATP-1 Juniper Sky ATP, 1 year, SRX4600
Stateful firewall, screens, application-level gateways (ALGs) Included
SRX4600-ATP-3 Juniper Sky ATP, 3 year, SRX4600
NAT (static, SNAT, DNAT) Included
SRX4600-ATP-5 Juniper Sky ATP, 5 year, SRX4600
IPsec VPN (site-site VPN, auto VPN, group VPN) Included
SRX4600-ATP-BUN-1 1 year subscription for AppSecure, IPS (IDP),
Firewall policy enforcement (UAC, Aruba CPPM) Included Enhanced Web Filtering (EWF), antivirus, and
Juniper Sky ATP service on SRX4600
Chassis cluster, VRRP, unified ISSU Included
SRX4600-ATP-BUN-3 3 year subscription for AppSecure, IPS (IDP),
Automation (Junos OS scripting, auto-installation) Included
EWF, antivirus, and Juniper Sky ATP service on
General Packet Radio Service (GPRS)/GPRS tunneling Included SRX4600
protocol (GTP)/Stream Control Transmission Protocol
SRX4600-ATP-BUN-5 5 year subscription for AppSecure, IPS (IDP),
(SCTP)
EWF, antivirus, and Juniper Sky ATP service on
Application security (AppID, AppFW, AppQoS, AppRoute) Included SRX4600

Enhanced Web filtering Optional SRX4600-THRTFEED-1 Juniper Sky ATP feeds only, 1 year, SRX4600

NGFW security bundle featuring antispam, antivirus, Optional SRX4600-THRTFEED-3 Juniper Sky ATP feeds only, 3 year, SRX4600
enhanced Web filtering, application security (AppID,
SRX4600-THRTFEED-5 Juniper Sky ATP feeds only, 5 year, SRX4600
AppFW, AppQoS, AppRoute)
IDP updates Optional Service Spares
Juniper Sky Advanced Threat Prevention Optional
Product Number Description
Juniper ATP Appliance Optional
JNP-FAN-1RU Universal fan, 1 U chassis

Base Systems JNP-PWR1600-AC Universal AC power supply, 1600 W

Product Number Description JNP-PWR1100-DC Universal DC power supply, 1100 W

SRX4600-AC SRX4600 Services Gateway, AC JNP-SSD-M2-1TB Universal 1 TB SSD, in carrier, no Junos OS

SRX4600-DC SRX4600 Services Gateway, DC SRX4600-4PST-RMK Rack mount kit, 4-post adjustable for SRX4600

SRX4600-AC-TAA SRX4600 Services Gateway, AC, TAA

SRX4600-DC-TAA SRX4600 Services Gateway, DC, TAA

All systems include dual (redundant) AC or DC power supplies,

five (4+1) redundant fans, country-specific power cords, dual
(redundant) solid-state drives, rack mount kit, and core Junos OS
software (stateful firewall, NAT, IPsec, and routing).

5
 SRX4600 Services Gateway

About Juniper Networks

Juniper Networks brings simplicity to networking with
products, solutions and services that connect the world.
Through engineering innovation, we remove the constraints
and complexities of networking in the cloud era to solve the
toughest challenges our customers and partners face daily. At
Juniper Networks, we believe that the network is a resource for
sharing knowledge and human advancement that changes the
world. We are committed to imagining groundbreaking ways to
deliver automated, scalable and secure networks to move at the
speed of business.

Corporate and Sales Headquarters APAC and EMEA Headquarters

Juniper Networks, Inc. Juniper Networks International B.V.
1133 Innovation Way Boeing Avenue 240
Sunnyvale, CA 94089 USA 1119 PZ Schiphol-Rijk
Phone: 888.JUNIPER (888.586.4737) Amsterdam, The Netherlands EXPLORE JUNIPER
or +1.408.745.2000 Phone: +31.0.207.125.700 Get the App.
www.juniper.net

Copyright 2018 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United
States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no
responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

1000628-003-EN Sep 2018 6